refactor(schedule): unify service timeouts, rename 08_timer.yml → 08_schedule.yml, fix docker repair/update timeouts, raise WP upload limit

See https://chatgpt.com/share/68b1deb9-2534-800f-b28f-7f19925b1fa7
2025-08-30 15:28:12 +02:00 · 2025-08-29 19:09:28 +02:00
parent 2fccebbd1f
commit db642c1c39
8 changed files with 20 additions and 23 deletions
--- a/group_vars/all/08_schedule.yml
+++ b/group_vars/all/08_schedule.yml
@@ -2,20 +2,20 @@
 # Service Timers

 ## Meta
-SYS_TIMER_ALL_ENABLED:         "{{ MODE_DEBUG }}"   # Runtime Variables for Process Control - Activates all timers, independend if the handlers had been triggered
+SYS_TIMER_ALL_ENABLED:                        "{{ MODE_DEBUG }}"   # Runtime Variables for Process Control - Activates all timers, independend if the handlers had been triggered

 ## Server Tact Variables 

-HOURS_SERVER_AWAKE:            "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-RANDOMIZED_DELAY_SEC:          "5min"  # Random delay for systemd timers to avoid peak loads.
+HOURS_SERVER_AWAKE:                           "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
+RANDOMIZED_DELAY_SEC:                         "5min"  # Random delay for systemd timers to avoid peak loads.

 ## Timeouts for all services
-SYS_TIMEOUT_CLEANUP_SERVICES:  "15min"
-SYS_TIMEOUT_STORAGE_OPTIMIZER: "10min"
-SYS_TIMEOUT_BACKUP_SERVICES:   "1h"
-SYS_TIMEOUT_HEAL_DOCKER:       "30min"
-SYS_TIMEOUT_UPDATE_DOCKER:     "2min"
-SYS_TIMEOUT_RESTART_DOCKER:    "{{ SYS_TIMEOUT_UPDATE_DOCKER }}"
+SYS_TIMEOUT_DOCKER_RPR_HARD:                  "10min"
+SYS_TIMEOUT_DOCKER_RPR_SOFT:                 "{{ SYS_TIMEOUT_DOCKER_RPR_HARD }}"
+SYS_TIMEOUT_CLEANUP_SERVICES:                 "15min"
+SYS_TIMEOUT_DOCKER_UPDATE:                    "20min"
+SYS_TIMEOUT_STORAGE_OPTIMIZER:                "{{ SYS_TIMEOUT_DOCKER_UPDATE }}"
+SYS_TIMEOUT_BACKUP_SERVICES:                  "60min"

 ## On Calendar

--- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
@@ -8,7 +8,7 @@
  vars:
    system_service_on_calendar:         "{{ SYS_SCHEDULE_REPAIR_DOCKER_HARD }}"
    system_service_timer_enabled:       true
-    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} {{ SYS_SERVICE_GROUP_CLEANUP | join(" ")  }} --timeout "{{ SYS_TIMEOUT_RESTART_DOCKER }}"'
+    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} {{ SYS_SERVICE_GROUP_CLEANUP | join(" ")  }} --timeout "{{ SYS_TIMEOUT_DOCKER_RPR_HARD }}"'
    system_service_tpl_exec_start:      '{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
    system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}"
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
--- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
@@ -9,6 +9,6 @@
    system_service_on_calendar:         "{{ SYS_SCHEDULE_REPAIR_DOCKER_SOFT }}"
    system_service_timer_enabled:       true
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
-    system_service_tpl_exec_start_pre:  "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout '{{ SYS_TIMEOUT_HEAL_DOCKER }}'"
+    system_service_tpl_exec_start_pre:  "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout '{{ SYS_TIMEOUT_DOCKER_RPR_SOFT }}'"
    system_service_tpl_exec_start: >
      /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
--- a/roles/update-docker/tasks/01_core.yml
+++ b/roles/update-docker/tasks/01_core.yml
@@ -13,4 +13,8 @@
 - include_role:
    name: sys-service
  vars:
-    system_service_restarted: true
+    system_service_restarted:           true
+    system_service_timer_enabled:       false
+    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_tpl_exec_start:      "{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}"
+    system_service_tpl_exec_start_pre:  "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} {{ 'update-docker' | get_service_name(SOFTWARE_NAME) }} --timeout '{{ SYS_TIMEOUT_DOCKER_UPDATE }}'"
--- a/roles/update-docker/templates/systemctl.service.j2
+++ b/roles/update-docker/templates/systemctl.service.j2
@@ -1,8 +0,0 @@
-[Unit]
-Description=Updates Docker Instances
-OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
-
-[Service]
-Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} {{ 'update-docker' | get_service_name(SOFTWARE_NAME) }} --timeout "{{ SYS_TIMEOUT_HEAL_DOCKER }}"
-ExecStart={{ system_service_script_exec }}
--- a/roles/web-app-wordpress/config/main.yml
+++ b/roles/web-app-wordpress/config/main.yml
@@ -1,5 +1,5 @@
-title:                "Blog"  # WordPress titel
-max_upload_size:      "15M"   # Low default upload size, because you should use Peertube for Videos and Funkwhale for Audio files
+title:                "Blog"   # WordPress titel
+max_upload_size:      "256M"   # Low default upload size, because you should use Peertube for Videos and Funkwhale for Audio files
 plugins:
  wp-discourse:
    enabled:          "{{ 'web-app-discourse' in group_names | lower }}"
--- a/roles/web-app-wordpress/tasks/04_update_domain.yml
+++ b/roles/web-app-wordpress/tasks/04_update_domain.yml
@@ -60,6 +60,7 @@
    --path={{ WORDPRESS_DOCKER_HTML_PATH }}
  register: wp_sr_scheme
  changed_when: "{{ ('Success: Made 0 replacements.' not in wp_sr_scheme.stdout) | bool }}"
+  when: WEB_PORT == 443

 - name: Flush caches and rewrite rules
  command: >
--- a/roles/web-app-wordpress/vars/oidc.yml
+++ b/roles/web-app-wordpress/vars/oidc.yml
@@ -17,7 +17,7 @@ oidc_settings:
  redirect_on_logout:       true                                                                  # Redirect users after logout to the login screen or homepage.
  redirect_user_back:       true                                                                  # Return users to their original URL after successful login.
  #acr_values:               "{{ OIDC.CLIENT.acr_values | default('') }}"                         # ACR values defining required authentication context (e.g., MFA level).
-  enable_logging:           "{{ MODE_DEBUG }}"                                                  # Enable detailed plugin logging for debugging and auditing.
+  enable_logging:           "{{ MODE_DEBUG }}"                                                    # Enable detailed plugin logging for debugging and auditing.
 #  log_limit:                "{{ OIDC.CLIENT.log_limit | default('') }}"                          # Maximum number of log entries to retain before pruning.
  no_sslverify:             false                                                                 # The flag to enable/disable SSL verification during authorization.
  http_request_timeout:     5                                                                     # The timeout for requests made to the IDP. Default value is 5.